AppLocker and Software Restriction GPOs – A low-cost and effective way to restrict malware (not just ransomware) from running on systems is AppLocker and associated software restriction GPOs.

Full documentation is available from Microsoft and is completely free.

Its features are similar to the Software Restriction Policies of previous Windows versions.

AppLocker is a more robust tool that provides more granular control over program execution.

Email Filtering – Filtering attachments by file extension will stop a lot of malware attacks, including the Locky ransomware, in their tracks.

Optiv recommends blocking executable and zip file attachments, and filtering all other attachments for manual review.

It is safer to block attachments and use a secure transfer option than to allow attachments that may harbor malicious software.
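The attachment policy recommended above (block executables and zip files, hold everything else for manual review) can be sketched as a gateway-side check. This is an added example, not Optiv's code: the extension list, the magic-byte checks for renamed files, and the Office Open XML exception are assumptions to tune per environment.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed block list (constructed for this example); tune it to your environment.
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs",
               ".wsf", ".hta", ".ps1", ".jar", ".zip"}
OOXML_EXT = {".docx", ".xlsx", ".pptx"}  # zip containers by design

def classify(filename, payload):
    """Return (verdict, reason); nothing is delivered without review."""
    name = (filename or "").lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    exts = ["." + p for p in name.split(".")[1:]]
    # Content checks first: a renamed file keeps its magic bytes.
    if payload.startswith(b"MZ"):
        return "block", "content is a PE executable"
    if payload.startswith(b"PK\x03\x04") and (not exts or exts[-1] not in OOXML_EXT):
        return "block", "content is a zip archive"
    # Test every extension so "photo.jpg.js" does not pass as an image.
    hit = next((e for e in exts if e in BLOCKED_EXT), None)
    if hit:
        return "block", f"blocked extension {hit}"
    return "review", "held for manual review"

def triage(raw_message):
    """Classify every attachment in a raw RFC 5322 message (bytes)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    out = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        out.append((part.get_filename(), *classify(part.get_filename(), payload)))
    return out

def build_sample():
    """Constructed test message; the attachment bytes are harmless stubs."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name, data in [("invoice.pdf", b"MZ\x90\x00stub"),
                       ("scans.zip", b"PK\x03\x04stub"),
                       ("photo.jpg.js", b"// stub"),
                       ("report.pdf", b"%PDF-1.4 stub")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for row in triage(build_sample()):
        print(row)
```

Office Open XML documents are zip containers, so they are routed to manual review here instead of being blocked outright as archives.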

Cloud Access Security Broker (CASB) – CASBs are a helpful way to block traffic calling home to ransomware command and control servers.

A CASB protects against more than just ransomware, including traditional malware, botnets, etc.

Security Awareness Training – In the long run, it doesn’t matter what tools are implemented if a user is actively clicking on malicious attachments or taking actions that violate the acceptable use policy for a network.

Optiv offers several training courses, including how to spot phishing attempts, user-created vulnerabilities and how to spot malicious downloads.

At the end of the day, companies must understand their environments and the capabilities of their staff. The items covered in this post are very high-level recommendations, but should provide a starting point for protecting against ransomware.